QwikSec

Security Database

CVE

CWE

Training

CVE-2026-3715

Published: Mar 8, 2026

Modified: Mar 11, 2026

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Vendor	Product	Versions
Wavlink	WL-WN579X3-C	affected `231124` unaffected `20260226`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

VDB-349660 | Wavlink WL-WN579X3-C firewall.cgi sub_40139C stack-based overflow

vdb-entry

technical-description

VDB-349660 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #765325 | Wavlink WL-WN579X3-C V231124 Stack-based Buffer Overflow

third-party-advisory

https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_17/README.md

exploit

https://dl.wavlink.com/firmware/RD/WN579X3C_WAVLINK_V20260226_WO_cb3003b2.bin

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.